smtpmail failure

smtpmail failure

[Stephen Berman]

[-- Attachment #1: Type: text/plain, Size: 713 bytes --]

With one of my email accounts I've been unable to send mail using Gnus
(in GNU Emacs 23.0.60.5 (i686-pc-linux-gnu, GTK+ Version 2.12.0) of
2008-02-14 on escher).  I use this setup (anonymized):

  (setq message-send-mail-function 'smtpmail-send-it
	smtpmail-default-smtp-server "mail.myprovider.com"
	smtpmail-smtp-service 465
	user-mail-address "Stephen.Berman@myprovider.com"
	smtpmail-auth-credentials
	'(("mail.myprovider.com" 465 "myusername" "mypassword")))

I type `M-x message-mail', type the message and send it, and Emacs locks
up for 20 minutes, then beeps and shows the message
"smtpmail-send-command: Process SMTP not running".  The buffer *trace of
SMTP session to mail.myprovider.com* shows this:


[-- Attachment #2: SMTP session trace --]
[-- Type: text/plain, Size: 99 bytes --]

Process SMTP connection broken by remote peer
454 TLS connection failed: timed out (#4.3.0)

QUIT


[-- Attachment #3: Type: text/plain, Size: 1355 bytes --]


I got the port 465 for smtpmail-smtp-service from KMail; with KMail I
can send mail from this account.  KMail has a configuration function
that check what kind of authentification the server supports, and for
this account it says the server supports SSL encryption and either LOGIN
or PLAIN authentification, and it changes the port from 25 to 465.
Since the smptmail manual says LOGIN authentification is supported, and
since it works with KMail, I do not understand why it fails with Gnus.
Have I failed to set a necessary variable?  Is there another way to send
mail with Gnus via an SMTP server?  I would be grateful for any help.

Steve Berman

PS: As a sanity check, I also tried with the default port 25, and after
a few minutes the transmission attempt broke off with the message
"open-network-stream: make client process failed: connection timed out,
:name, SMTP, :buffer, *trace of SMTP session to mail.myprovider.com*,
:host, mail.myprovider.com, :service, 25"

PPS: I had first tried the above setq except for not setting
smtpmail-smtp-service, but including 465 smtpmail-auth-credentials.  But
with this I got the same result as reported in the above PS, including
":service, 25".

PPPS: I have another email account with which I can send mail using Gnus,
with a setup parallelling the above, except that the port in this case
is indeed 25.

Re: smtpmail failure

[Stephen Berman]

On Fri, 15 Feb 2008 13:47:59 +0100 Stephen Berman <Stephen.Berman@gmx.net> wrote:

> With one of my email accounts I've been unable to send mail using Gnus
[...]
> with KMail I
> can send mail from this account.  KMail has a configuration function
> that check what kind of authentification the server supports, and for
> this account it says the server supports SSL encryption and either LOGIN
> or PLAIN authentification, and it changes the port from 25 to 465.
> Since the smptmail manual says LOGIN authentification is supported, and
> since it works with KMail, I do not understand why it fails with Gnus.
> Have I failed to set a necessary variable?  Is there another way to send
> mail with Gnus via an SMTP server?  I would be grateful for any help.

Does nobody have an idea why smptmail fails?  Or any suggestions about
how I could try to track down the source of the failure?  I would rather
use Gnus than KMail.

Steve Berman

Re: smtpmail failure

[Dave Goldberg]

>>>>> On Thu, 21 Feb 2008 20:37:14 +0100, Stephen Berman <Stephen.Berman@gmx.net> said:

> On Fri, 15 Feb 2008 13:47:59 +0100 Stephen Berman <Stephen.Berman@gmx.net> wrote:
>> With one of my email accounts I've been unable to send mail using Gnus
> [...]
>> with KMail I
>> can send mail from this account.  KMail has a configuration function
>> that check what kind of authentification the server supports, and for
>> this account it says the server supports SSL encryption and either LOGIN
>> or PLAIN authentification, and it changes the port from 25 to 465.
>> Since the smptmail manual says LOGIN authentification is supported, and
>> since it works with KMail, I do not understand why it fails with Gnus.
>> Have I failed to set a necessary variable?  Is there another way to send
>> mail with Gnus via an SMTP server?  I would be grateful for any help.

> Does nobody have an idea why smptmail fails?  Or any suggestions about
> how I could try to track down the source of the failure?  I would rather
> use Gnus than KMail.

It appears that your mail server wants to use SSL.  The smtpmail.el in
XEmacs appears to support this provided you have an external program
(starttls) available.  My own mail server doesn't do it so I have
nothing to test with.  I suggest taking a look through your
smtpmail.el and see what you need to do to support SSL and trying
that.

-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: smtpmail failure

[Stephen Berman]

On Sat, 23 Feb 2008 10:20:47 -0500 Dave Goldberg <david.goldberg6@verizon.net> wrote:

>>>>>> On Thu, 21 Feb 2008 20:37:14 +0100, Stephen Berman <Stephen.Berman@gmx.net> said:
>
>> On Fri, 15 Feb 2008 13:47:59 +0100 Stephen Berman <Stephen.Berman@gmx.net> wrote:
>>> With one of my email accounts I've been unable to send mail using Gnus
>> [...]
>>> with KMail I
>>> can send mail from this account.  KMail has a configuration function
>>> that check what kind of authentification the server supports, and for
>>> this account it says the server supports SSL encryption and either LOGIN
>>> or PLAIN authentification, and it changes the port from 25 to 465.
>>> Since the smptmail manual says LOGIN authentification is supported, and
>>> since it works with KMail, I do not understand why it fails with Gnus.
>>> Have I failed to set a necessary variable?  Is there another way to send
>>> mail with Gnus via an SMTP server?  I would be grateful for any help.
>
>> Does nobody have an idea why smptmail fails?  Or any suggestions about
>> how I could try to track down the source of the failure?  I would rather
>> use Gnus than KMail.
>
> It appears that your mail server wants to use SSL.  The smtpmail.el in
> XEmacs appears to support this provided you have an external program
> (starttls) available.  My own mail server doesn't do it so I have
> nothing to test with.  I suggest taking a look through your
> smtpmail.el and see what you need to do to support SSL and trying
> that.

Thanks.  My smptmail manual also refers to starttls but says gnutls-cli
is preferred, and the latter is installed on my system.  Following the
manual I set smtpmail-starttls-credentials to '(("mail.myprovider.com"
465 nil nil)) and also set smtpmail-smtp-service to 465, and when I
tried sending the email, I got the message "Opening STARTTLS connection
to `mail.myprovider.com'...done" and in the *trace of SMTP session to
mail.myprovider.com* buffer: 
Resolving 'mail.myprovider.com'...
Connecting to '123.456.78:465' (the mail server's IP number and port)
but then, as before, Emacs hung up for 20 minutes and then returned the
message: "smtpmail-send-command: Process SMTP not running" and in the
*trace of SMTP session to mail.myprovider.com* buffer: 
Process SMTP finished
454 TLS connection failed: timed out (#4.3.0) 
- Peer has closed the GNUTLS connection
QUIT 

Any other ideas why it is failing?  (Again, it works with KMail.)

Steve Berman

Re: smtpmail failure

[Denys Duchier]

Stephen Berman <Stephen.Berman@gmx.net> writes:

>   (setq message-send-mail-function 'smtpmail-send-it
> 	smtpmail-default-smtp-server "mail.myprovider.com"
> 	smtpmail-smtp-service 465
> 	user-mail-address "Stephen.Berman@myprovider.com"
> 	smtpmail-auth-credentials
> 	'(("mail.myprovider.com" 465 "myusername" "mypassword")))
>
> I type `M-x message-mail', type the message and send it, and Emacs locks
> up for 20 minutes, then beeps and shows the message
> "smtpmail-send-command: Process SMTP not running".  The buffer *trace of
> SMTP session to mail.myprovider.com* shows this:

I have similar problems.  I looked into them today and the issue seems
to be with starttls-open-stream-gnutls (in starttls.el): it has a
hardcoded -s option.  I have found that, if I remove it or replace it by
-r, then mail sending works again.

I don't really understand gnutls-cli at all, but with -s it seems you
have to send EOF or SIGALRM to actually start TLS... and that doesn't
seem to be done in the starttls.el code.

What I understand even less, is why we have open-tls-stream (tls.el) and
starttls-open-stream-gnutls (starttls.el) instead of one unified way of
opening tls connections.

Cheers,

--Denys

Re: smtpmail failure

[Denys Duchier]

[-- Attachment #1: Type: text/plain, Size: 683 bytes --]

I am beginning to understand the issues here and below I have attached a
proposed fix: it adds support for legacy ssl-only smtp servers.  I have
based this patch on the version of smtpmail that can be found in
gnus/contrib.

The patch is mostly a conservative extension, except in one respect:
previously, when credentials where found in
smtpmail-starttls-credentials but gnutls-cli was not found,
smtpmail-open-stream would open a non secured connection to the smtp
server.  I think that's a bug: if the user has explicitly added an entry
in smtpmail-starttls-credentials, then clearly he expects a secured
connection: a non-secured connection should not silently be used
instead.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: support ssl smtp connections --]
[-- Type: text/x-patch, Size: 3207 bytes --]

Index: contrib/smtpmail.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/contrib/smtpmail.el,v
retrieving revision 7.12
diff -u -r7.12 smtpmail.el
--- contrib/smtpmail.el	20 Jan 2008 05:23:59 -0000	7.12
+++ contrib/smtpmail.el	21 Mar 2008 09:35:14 -0000
@@ -84,6 +84,7 @@
 (autoload 'netrc-parse "netrc")
 (autoload 'netrc-machine "netrc")
 (autoload 'netrc-get "netrc")
+(autoload 'open-tls-stream "tls")
 
 ;;;
 (defgroup smtpmail nil
@@ -195,6 +196,15 @@
   :version "21.1"
   :group 'smtpmail)
 
+(defcustom smtpmail-ssl-servers '()
+  "servers requiring an SSL connection.
+This is a list of 2-element lists with `servername' (a string)
+and `port' (an integer)."
+  :type '(repeat (list (string :tag "Server")
+		       (integer :tag "Port")))
+  :version "22.1"
+  :group 'smtpmail)
+
 (defcustom smtpmail-warn-about-unknown-extensions nil
   "*If set, print warnings about unknown SMTP extensions.
 This is mainly useful for development purposes, to learn about
@@ -513,34 +523,38 @@
 (defun smtpmail-open-stream (process-buffer host port)
   (let ((cred (smtpmail-find-credentials
 	       smtpmail-starttls-credentials host port)))
-    (if (null (and cred (condition-case ()
-			    (with-no-warnings
-			      (require 'starttls)
-			      (call-process (if starttls-use-gnutls
-						starttls-gnutls-program
-					      starttls-program)))
-			  (error nil))))
-	;; The normal case.
-	(open-network-stream "SMTP" process-buffer host port)
+    (if (null cred)
+	;; we reuse smtpmail-find-credentials to search in
+	;; smtpmail-ssl-servers because it does the right
+	;; kind of lookup
+	(let ((entry (smtpmail-find-credentials
+		      smtpmail-ssl-servers host port)))
+	  (if (null entry)
+	      ;; The normal case
+	      (open-network-stream "SMTP" process-buffer host port)
+	    ;; The SSL case
+	    (prog1 (open-tls-stream "SMTP" process-buffer host port)
+	      (with-current-buffer process-buffer
+		(delete-region (point-min) (point))
+		(goto-char (point-min))))))
+      ;; The TLS case
       (let* ((cred-key (smtpmail-cred-key cred))
 	     (cred-cert (smtpmail-cred-cert cred))
+	     (cred-found
+	      (and (stringp cred-key) (stringp cred-cert)
+		   (file-regular-p
+		    (setq cred-key (expand-file-name cred-key)))
+		   (file-regular-p
+		    (setq cred-cert (expand-file-name cred-cert)))))
 	     (starttls-extra-args
 	      (append
 	       starttls-extra-args
-	       (when (and (stringp cred-key) (stringp cred-cert)
-			  (file-regular-p
-			   (setq cred-key (expand-file-name cred-key)))
-			  (file-regular-p
-			   (setq cred-cert (expand-file-name cred-cert))))
+	       (when cred-found
 		 (list "--key-file" cred-key "--cert-file" cred-cert))))
 	     (starttls-extra-arguments
 	      (append
 	       starttls-extra-arguments
-	       (when (and (stringp cred-key) (stringp cred-cert)
-			  (file-regular-p
-			   (setq cred-key (expand-file-name cred-key)))
-			  (file-regular-p
-			   (setq cred-cert (expand-file-name cred-cert))))
+	       (when cred-found
 		 (list "--x509keyfile" cred-key "--x509certfile" cred-cert)))))
 	(starttls-open-stream "SMTP" process-buffer host port)))))
 

[-- Attachment #3: Type: text/plain, Size: 18 bytes --]


Cheers,

--Denys